“The world’s most valuable resource is no longer oil, but data.”— The Economist

The proliferation of data, paired with emerging technologies such as artificial intelligence, have generated enormous opportunities for financial institutions and their customers. Financial services companies are gaining a clearer sense of what their customers want, where they want it, when they want it and how they want to get it.

Notice a customer searching online for mortgage rates? Respond with a highly personalized email of mortgage options, based on online search activity and existing assets with the bank. Suspicious transaction activity? Follow up with an automated text message and phone call from a customer service representative to ensure the customer is protected, through a secure, seamless and convenient interaction.

Customer activities and associated data insights educate financial organizations further on customer nuances, activities and preferences — enriching the overall experience. While data has immeasurably improved a range of functions and processes (e.g., customer service, compliance, financial crime, regulatory reporting), the manner in which data is used by organizations carries significant potential privacy implications and further regulatory scrutiny.

Whether a bank, insurance company, or wealth and asset management firm, the organization must ensure that robust governance, internal controls and privacy safeguards are in place to fulfill data privacy and overall compliance with laws and regulations. Before we delve deeper into how the financial services industry should balance customer data usage and privacy, it’s critical to possess a clear understanding of the market and regulatory forces shaping this debate.

The changing nature of data governance

Data governance is difficult to put into practice at many firms due to a range of factors, including a growing web of various privacy requirements, particularly in sectors with vast quantities of sensitive consumer data. For context, data privacy addresses a combination of legacy and new regulations, both foreign and domestic.

An attendee holds a yellow Nokia 8110 4G smartphone, manufactured by HMD Global Oy, during a launch event ahead of the Mobile World Congress (MWC) in Barcelona, Spain, on Sunday, Feb. 25, 2018. At the wireless industrys biggest conference, more than 100,000 people are set to see the latest smartphones, artificial intelligence devices and autonomous drones exhibited by roughly 2,300 companies. Photographer: Angel Garcia/Bloomberg

Angel Garcia/Bloomberg

These regulations are also coupled with growing concerns and expectations related to cybersecurity, such as New York Department of Financial Services Cybersecurity Regulation (23 NYCRR 500), the Federal Information Security Management Act (FISMA) and the Federal Exchange Data Breach Notification Act, among others.

In fact, while data privacy is evolving to address a complex patchwork of regulations and technical challenges, it should, at its core, represent a rather simple mandate and an unwavering commitment from financial institutions to safeguard customer data, while using and retaining only requisite data to generate insights in a pragmatic, measured and prudent manner to enrich customer experiences.

Governance and privacy safeguards balanced with customer data usage

Consumer information is the lifeblood of financial institutions’ businesses. Customer data enables financial services organizations to create market differentiation and better target customers and prospects with products and services that align with their unique needs.

The most successful companies use rich, updated and accurate data and insights to engage customers and connect with clients in compelling ways across multiple channels and digital touch points. Customers expect more value, more personalization and near seamless interactions. As such, to drive better experiences, retain existing customers and acquire new ones, organizations are using data along with sophisticated analytics to counter new market entrants, many of which do not face the same requirements as established financial institutions.

Today, more than ever, financial institutions are collecting prodigious and diverse amounts of consumer data — both structured and unstructured — to deepen relationships, create exceptional experiences, further establish financial health and well-being, and build trust. Trust is no longer just about being a safe, reliable, secure, resilient financial institution. It is also heavily reliant upon how firms empower their customers to make decisions about how the institution is allowed to use data to personalize experience and create more value through customized products and services.

Absent that trust, financial services companies could experience significant business head winds — attributed mostly to reputation decline and credibility issues. As such, to build and reinforce customer trust, financial institutions should establish data privacy as the cornerstone of their strategy for growth. Consumer data is at the very core of how firms assess and model risk as well as price, service and sell the products. In fact, without significant consumer insight, financial institutions would not be competitive and could potentially lose their valued customer base.

Market activity creating even more data

Decades of commercial mergers and acquisitions, core platform replacements and integrations, and workforce transformation programs have generated mountains of consumer data in every enterprise.

While this new ecosystem of consumer data creates business opportunities for financial institutions, many firms candidly admit challenges associated with data governance along with proper risk and security controls. These variables have made it difficult for companies to address the underlying data integrity issue. This creates a massive risk to realizing the benefits of new technologies and connected data ecosystems such as cloud, unstructured data platforms and analytical environments.

Additionally, there is no doubt that legacy systems create complex issues. But there are new ways to tackle managing consumer data. The key for financial service companies is to gain executive commitment and investment. Data privacy leaders also need to challenge executives who hope for an easy answer, especially those who wish that the problem will simply fade. Nothing is more valuable to a financial institution than its customers and the trust those customers place with the institution to protect their data.

Where do we go from here?

Faced with a tsunami of consumer data-related regulation, financial institutions find themselves at a critical inflection point. To continue to grow, companies will need to use customer data. Yet to safeguard their reputation and foster trust with customers, organizations must institute robust governance and internal safeguards to protect data privacy.

Cleaning up customer data is not easy because it sits not only in the most obvious spots but also in unstructured data environments that may lack transparency and traceability — complicated further by extended partnerships, vendors and alliances — potentially unattended and, in many cases, without sufficient visibility to the board and C‑suite. In the future, customers will expect more control over their data and will want the option to “opt in” to hyper personalization. They will expect that firms won’t use their data without permission; therefore, all of these considerations must be elements of governance.

Data privacy isn’t just about regulation or enabling technology; it is first and foremost an obligation. It is the most fundamental promise businesses can make to their customers — the uncompromising protection of their personal information. Financial institutions that are able to design, implement and adapt privacy safeguards, while using available customer data to deliver richer and more evolved experiences, will be the biggest winners of all.

The views reflected in this article are the authors’ own and do not necessarily reflect the views of the global EY organization or its member firms.